Re: Sql injection attacks - Mailing list pgsql-general

From Mage
Subject Re: Sql injection attacks
Date
Msg-id 41049FE3.1070600@mage.hu
In response to Re: Sql injection attacks  (Bill Moran <wmoran@potentialtech.com>)
Responses Re: Sql injection attacks  ("Matthew D. Fuller" <fullermd@over-yonder.net>)
List pgsql-general
Bill Moran wrote:

 >Simply put:
 >1) If the untrusted value is a string, using a proper escape sequence should
 >   make it safe.
In pgsql (and mysql) you can escape almost everything.

update table set a = '5' is correct, even if column a is integer type.
You can't escape the null value.

      Mage
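
The behaviour discussed in this message, as an added example that is not part of the original post: a quoted literal assigned to an integer column, what happens when the quoted text is not a number, and why NULL needs separate handling. The table `demo` and the prepared statement `set_a` are constructed for illustration; run it in psql outside a transaction block so the two statements that are expected to fail do not abort the rest.

```sql
-- Constructed sample table.
CREATE TEMP TABLE demo (id integer PRIMARY KEY, a integer);
INSERT INTO demo VALUES (1, 0), (2, 0), (3, 0);

-- A quoted literal is accepted for an integer column: the untyped
-- literal '5' is converted by the integer input routine.
UPDATE demo SET a = '5' WHERE id = 1;

-- Quoted text that is not a valid integer stays inside the literal.
-- It is rejected by the type conversion and is never parsed as SQL.
-- Expected: this statement raises an error and changes nothing.
UPDATE demo SET a = '5 OR 1=1' WHERE id = 1;

-- NULL is a keyword, not a value that can be written inside quotes.
-- Expected: this statement raises an error, because the four-character
-- string 'NULL' is not a valid integer.
UPDATE demo SET a = 'NULL' WHERE id = 2;

-- For a text column the same mistake is silent: the column would hold
-- the string 'NULL', not a null. Code that builds SQL text therefore
-- has to emit the bare keyword when the application value is null.
UPDATE demo SET a = NULL WHERE id = 2;

-- With a prepared statement the value travels as a parameter, so the
-- same statement handles numbers and NULL with no quoting at all.
PREPARE set_a(integer, integer) AS
    UPDATE demo SET a = $1 WHERE id = $2;
EXECUTE set_a(7, 3);
EXECUTE set_a(NULL, 3);
DEALLOCATE set_a;

-- Final state: id 1 has a = 5, ids 2 and 3 have a IS NULL.
SELECT id, a, a IS NULL AS is_null FROM demo ORDER BY id;
```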




